The db.createUser(user, writeConcern) method is used to create users. We need to provide the username, password and roles.
The user document passed to createUser is defined as follows:
{ user: "<name>", pwd: "<password>", customData: { <User Tag> }, roles: [ { role: "<role>", db: "<database>" }, { role: "<role>", db: "<database>" }, ... ] }
Role
A role is an approach to restricting system/DB access to authorized users. The security hierarchy is similar to that of various other DB technologies. The various roles are:
Database User Roles
- read
- readWrite
Database Administration Roles
- dbAdmin
- dbOwner
- userAdmin
Cluster Administration Roles
- clusterAdmin
- clusterManager
- clusterMonitor
- hostManager
Backup and Restoration Roles
- backup
- restore
All-Database Roles
- readAnyDatabase
- readWriteAnyDatabase
- userAdminAnyDatabase
- dbAdminAnyDatabase
Superuser Roles
- root
Internal Role
- __system
The roles are self-explanatory. For further reading, see the Roles section of the MongoDB reference manual.
Create User
db.createUser(
{
user: "reportUser",
pwd: "12345678",
roles: [
{role: "read", db :"northwind"},
{role: "readWrite", db: "records"},
{role: "backup", db: "admin"},
{role:"clusterAdmin", db: "admin"},
{role:"readAnyDatabase", db: "admin"}
]
}
)
Identify the user roles by using db.getUser()
db.getUser("reportUser")
Change Password
>db.changeUserPassword("reportUser","!@#$1234Mongo")
Drop a user from MongoDB using db.dropUser()
>db.dropUser("reportUser")
Revoke a role from the user using revokeRolesFromUser()
>db.revokeRolesFromUser(
"reportUser",
[
{role: "readWrite", db: "northwind"},
{role: "backup", db: "admin"}
]
)
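The audit below is an added example, not code from the original page: it compares the roles in a db.getUser()-shaped document against the roles the account should keep, and lists what to pass to revokeRolesFromUser(). The needed list, the helper names auditRoles and unmatchedRevokes, and the sample document are assumptions constructed for illustration.

```javascript
// Added example (not from the original page). Runs in Node.js.
// Roles from the page's cluster, backup/restore, all-database, superuser and
// internal groups: none of them is limited to one application database.
const WIDE_ROLES = new Set([
  "clusterAdmin", "clusterManager", "clusterMonitor", "hostManager",
  "backup", "restore", "readAnyDatabase", "readWriteAnyDatabase",
  "userAdminAnyDatabase", "dbAdminAnyDatabase", "root", "__system",
]);

// Role documents are compared on the exact role and db strings (no trimming),
// so a stray space or wrong database name shows up as a mismatch.
const key = (r) => JSON.stringify([r.role, r.db]);

// userDoc: document shaped like db.getUser() output. needed: roles to keep.
function auditRoles(userDoc, needed) {
  const keep = new Set(needed.map(key));
  const held = new Set(userDoc.roles.map(key));
  return {
    excess: userDoc.roles.filter((r) => !keep.has(key(r))), // candidates to revoke
    wideKept: userDoc.roles.filter((r) => keep.has(key(r)) && WIDE_ROLES.has(r.role)),
    notGranted: needed.filter((r) => !held.has(key(r))), // missing grant or typo
  };
}

// Entries of a planned revoke list that name a role the user does not hold.
function unmatchedRevokes(userDoc, request) {
  const held = new Set(userDoc.roles.map(key));
  return request.filter((r) => !held.has(key(r)));
}

// Constructed sample: reportUser as created above (only the fields used here).
const reportUser = {
  user: "reportUser",
  roles: [
    { role: "read", db: "northwind" },
    { role: "readWrite", db: "records" },
    { role: "backup", db: "admin" },
    { role: "clusterAdmin", db: "admin" },
    { role: "readAnyDatabase", db: "admin" },
  ],
};
// Assumption: a reporting account only needs these two grants.
const needed = [{ role: "read", db: "northwind" }, { role: "readWrite", db: "records" }];

console.log(auditRoles(reportUser, needed));
console.log(unmatchedRevokes(reportUser, [
  { role: "readWrite", db: "northwind" }, { role: "backup", db: "admin" },
]));
```

In the shell, the excess list from auditRoles(db.getUser("reportUser"), needed) is the second argument for db.revokeRolesFromUser("reportUser", ...).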

